I have an API that has a number of public endpoints, even RFC-defined ones like /.well-known/openid-configuration (see RFC 8414). I have properly defined a global security directive and, per openapi guidance, overridden the public endpoints with "security": [].
However, rate-my-openapi is still reporting this as an issue on every public endpoint.
If you want to reproduce, look at report 40c0b4f3-35e2-4913-af7c-d28d7e0dbed7 or you can find my OpenAPI specification here.
I have an API that has a number of public endpoints, even RFC-defined ones like
/.well-known/openid-configuration(see RFC 8414). I have properly defined a globalsecuritydirective and, per openapi guidance, overridden the public endpoints with"security": [].However, rate-my-openapi is still reporting this as an issue on every public endpoint.
If you want to reproduce, look at report 40c0b4f3-35e2-4913-af7c-d28d7e0dbed7 or you can find my OpenAPI specification here.